As sensitive information, in the form of messages, photos, bank accounts, and more, finds its place on mobile devices, the need to properly secure them becomes a necessity. Traditional user-authentication mechanisms, such as lengthy passwords that include combinations of letters, numbers, and symbols, are not suited for mobile devices due to the small size of the touch screen and the lack of physical keyboards with tactile feedback. Given that users need to authenticate on their mobile devices tens or even hundreds of times throughout the day, the traditional password authentication technique becomes a real bottleneck. Further, other types of evolving devices do not lend themselves to traditional user-authentication mechanisms.
To simplify the authentication process, users tend to leave their devices completely unprotected, or they leverage simple authentication techniques such as 4-digit pins, picture passwords, or gesture unlock (e.g., trace a symbol or shape on the touchscreen). Even though these techniques allow easy and intuitive user-authentication, they compromise the security of the device, as they are susceptible to simple shoulder surface attacks. Pins, picture passwords, and unlock gestures can be easily retrieved by simply observing a user authenticating on his/her device once. In many cases, smudge fingerprints on the device's touchscreen can also be used to automatically identify the password (pin, picture, or gesture) without any direct observation of the authentication process.
Android™ devices recently brought face recognition to the masses by enabling user-authentication through the front-facing camera of the device. Even though intuitive and fast, this type of authentication suffers from typical computer vision limitations. The face recognition performance degrades significantly under poor or different lighting conditions than the ones used during training. Given that mobile devices are constantly carried and used by users, such fluctuations on the environmental conditions are common.
More recently, iPhone® introduced a touch identification technology that allows users to easily and securely unlock their devices by embedding a fingerprint sensor in the home button. Even though this approach addresses both the usability and security requirements of the authentication process, it is fundamentally limited to devices with large physical buttons on the front, such as the home button on the iPhone. However, as phone manufacturers push for devices with large edge-to edge displays, physical buttons are quickly replaced by capacitive buttons that can be easily embedded into the touchscreen, eliminating the real-estate required by a fingerprint sensor. Further, this solution requires the additional fingerprint sensor hardware and thereby increases device cost.